Many secured local area network (LAN) deployments use IEEE 802.1X-based security to provide support for centralized user identification, authentication, dynamic key management, and accounting. The IEEE standards are promulgated by the Institute of Electrical and Electronics Engineers. Obtaining a valid authentication key is a multi-step process in which many packets are exchanged at each step between a wireless client, an authenticator (i.e., access point and controller), and a RADIUS (Remote Authentication Dial-In User Service) server. Wireless client devices that have delay-sensitive applications such as voice and video suffer significantly from the excessive packet exchange when the wireless client roams from one access point to another.
IEEE 802.11r defines a fast Basic Service Set (BSS) transition between access points by redefining the security key negotiation protocol, where part of the key is derived from the RADIUS server, thereby avoiding the full IEEE 802.1X process at every transition. However, the specific protocol of how and where keys are cached, and when keys are distributed, was not described.
Cloud-based services are another area of concern because network travel time degrades service performance. The network travel time is the duration of a frame traveling from a source to a destination. Cloud-based controllers, as a result of this added flight time, underperform relative to LAN-located controllers. A controller is responsible for a group of access points on a LAN and needs frequent communication with the access points. Moreover, when security keys are not properly cached, the performance of IEEE 802.11 suffers as well.
Therefore, what is needed is a robust technique for selectively caching authentication keys for fast roaming of wireless stations in communication networks.